Security News > 2021 > September > Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks

The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019.
"Mozi uses a P2P network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019.
Exploiting the use of weak and default remote access passwords as well as through unpatched vulnerabilities, the botnet propagates by infecting routers and digital video recorders to co-opt the devices into an IoT botnet, which could be abused for launching distributed denial-of-service attacks, data exfiltration, and payload execution.
Now according to Netlab, the Mozi authors also packed in additional upgrades, which includes a mining trojan that spreads in a worm-like fashion through weak FTP and SSH passwords, expanding on the botnet's features by following a plug-in like approach to designing custom tag commands for different functional nodes.
What's more, Mozi's reliance on a BitTorrent-like Distributed Hash Table to communicate with other nodes in the botnet instead of a centralized command-and-control server allows it to function unimpeded, making it difficult to remotely activate a kill switch and render the malware ineffective on compromised hosts.
"The Mozi botnet samples have stopped updating for quite some time, but this does not mean that the threat posed by Mozi has ended," the researchers cautioned.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/Q2u5nz4MrzI/chinese-authorities-arrest-hackers.html
Related news
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization (source)
- Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)